Messages

1

Development and Code Review / Re: PowerShell Module for OPNsense api

« on: October 03, 2018, 10:04:27 pm »

Two quick updates to report as I had a small breakthough into making the PowerShell Module more user friendly going forward.

- I'll publish a Dockerfile soon, so anyone can easily test the PowerShell module in a container.
- I am adding the ability to 'mount' and browse the OPNsense Menu and Items like it were a filesystem.

It's just a proof-of-concept, but it's working for some objects already:

2

Hardware and Performance / Re: LCDproc and Sophos SG/UTM Hardware

« on: September 26, 2018, 11:10:28 pm »

It seems there is currently no GUI for this plugin. You can edit the conf file manually:
https://forum.opnsense.org/index.php?topic=3130.0

3

General Discussion / Re: Adding 400 users to local user manager

« on: July 21, 2018, 10:28:44 pm »

If you have PowerShell installed on a workstation, you can easily import the users using my PS_OPNsense PowerShell Module. It's still in development but this should work:

Code: [Select]

Import-Module PS_OPNsense
Connect-OPNsense -Url $url -Credential $apicredential -SkipCertificateCheck

# Import users from CSV file
$users = Import-Csv -Path U:\opnsense\passwords.csv

# Loop the users
foreach ($user in $users) {
    # Build the Freeradius user JSON string
    $json = '{{ "user": {{ "enabled": 1, "password": "{0}", "username": "{1}" }} }}' -f $user.password, $user.username

    # Invoke the API call to create the user
    Invoke-OPNsenseCommand -Module freeradius -Controller user -Command adduser -Json $json -Method POST
}

# List all the Freeradius users
Get-OPNsenseItem -Freeradius User

Disconnect-OPNsense
I'm biassed towards PowerShell and it is very suitable for jobs like this. The Invoke-Command is a bit of a hack because I haven't implemented the New-OPNsenseItem cmdlet yet. But once you get the hang of the API it's fairly straightforward to script against OPNsense.

4

Development and Code Review / Re: PowerShell Module for OPNsense api

« on: June 16, 2018, 04:41:32 pm »

It's been a while, but today I've updated the master banch with version 0.1.5 of PS_OPNsense. There have been a lot of changes under the hood that should make maintaining the code a lot easier towards the future.

Notable changes:

• Improved Firmware Updates (see screencast below)
• Drastically reduce the number of cmdlets and code base
• Use OpenAPI json specification for describing the API calls
• Strong typing of CRUD Items allowing cmdlets to identify objects coming from the pipeline
• All CRUD Items can now be queried and removed using Get-OPNsenseItem ans Remove-OPNsenseItem
• Base functionality to query all Settings, but needs more work
• Install, remove, lock, unlock and list Packages and Plugins
• Added legacy cmdlets to query Vlans and Certificates

e.g. remove HAProxy server named Web001:

Code: [Select]

Get-OPNsenseItem -HAProxy Server -Filter 'web001' | Remove-OPNsenseItem
I'll be updating the documentation for PS_OPNsense and the API Reference next.

5

Development and Code Review / Re: Collapse Dashboard like on FreeNAS Beta UI ?

« on: June 16, 2018, 02:15:53 pm »

Neat! That looks very cool indeed. Good job!

6

18.1 Legacy Series / Re: Captive Portal: Sessions - how to read session id in Logfiles

« on: June 12, 2018, 10:13:43 pm »

The SQLite database is located here:

Code: [Select]

$database_filename = '/var/captiveportal/captiveportal.sqlite';
You can also make the SessionId visible in Services > Captive Portal > Sessions
Then click the column drop-down list -right to the search field- to enable Session. The list will now show the SessionId information in the Web GUI.

7

18.1 Legacy Series / Re: OpenVPN and Yealink Phones

« on: May 22, 2018, 11:40:28 am »

Good to hear this is working and thanks for reporting back.
I have both W52 and T38 as well and it's good to know they can be setup with opnsense opnvpn!

8

Development and Code Review / Re: Add route via api

« on: May 18, 2018, 08:28:50 pm »

How do I get a more verbose response?

This works for me:

Code: [Select]

#/usr/bin/python

# import libraries
import json
import requests

# define endpoint and credentials
api_key = ''
api_secret = ''

url = 'https://127.0.0.1/api/routes/routes/addroute'
headers = {'content-type': 'application/json'}
payload = '{"route": {"network": "10.0.50.0/24", "gateway": "LAN_DHCP", "descr": "vlan50", "disabled": "0"}}'

# Make the api call
r = requests.post(url, data=payload, verify=False, auth=(api_key, api_secret), headers=headers)

# Check response
if r.status_code == 200:
    print r.text
    response = json.loads(r.text)

    if response['result'] == 'saved':
        print ('The payload was successfully saved !')
        print (response['result'])

else:
    print ('Connection / Authentication issue, response received:')
    print r.text



9

Development and Code Review / Re: Add route via api

« on: May 18, 2018, 06:12:02 pm »

Just change the gateway field to the name you want as a string. Also the JSON keys/values should be in double quotes:

Code: [Select]

payload = '{"route": {"network": "10.0.50.0/24", "gateway": "LAN_DHCP", "descr": "vlan50", "disabled": "0"}}'

200 OK
{ "result": "saved" }

10

18.1 Legacy Series / Re: OpenVPN and Yealink Phones

« on: May 16, 2018, 09:43:59 pm »

I have configured opnvpn on a Yealink phone a while ago... not to opnsense but a cloud vpn.
What type of phone and firmware version are you using. I remember that the format can depend from phone to phone and version to version...

Try renaming your files using this naming convention and folder layout. It is very picky about the filenames and folders.

Code: [Select]

clientconf
├── keys
│   ├── ca.crt
│   ├── client.crt
│   └── client.key
└── vpn.cnf

Code: [Select]

cd clientconf
# from within the clientconfdirectory:
tar -c vpn.cnf keys/* -f openvpn.tar
You need to run the tar command from within the folder itself. Otherwise the paths will get mangled and the file won't work.
Upload that file in the Web GUI or via your provisioning system.

11

Documentation and Translation / Re: Dockerized "buildsys" for the docs (Sphinx)

« on: May 03, 2018, 10:45:04 pm »

This docker is a great tool. It worked for me on the first run and now I'm able to write & compile docs... I wouldn't know where to start building Sphinx from scratch, so I took this shortcut.

Next up is to figure out reStructuredText syntax. 

12

18.1 Legacy Series / Re: How to setup and manage 18+ OpnSense centralized

« on: May 01, 2018, 11:15:04 am »

Your best chance is to scrape the source code. I have compiled a list of api commands from the source code here.

If you have PowerShell you can take a look at my PowerShell Module PS_OPnsense that's in the works. It's purpose is to automate OPNsense management. PowerShell Core 6 is cross-platform as well. If you are looking for specific functionality I might be able to include that.

There are some ruby and cli api clients out there as well.

13

Development and Code Review / Re: PowerShell Module for OPNsense api

« on: March 03, 2018, 10:28:04 pm »

Just a quick update as I have merged a new dev version of PS_OPNsense into master today.

It now has cmdlets for most of the HAProxy objects. However not all the advanced options and properties are available yet, but it is coming along fine... It is now possible to get, add and remove Servers, Backend pools, Frontend services, Error files and Lua scripts.

Furthermore, there is a new Examples folder in the project which shows how to implement these cmdlets into scripts.

I'm also implementing automated Pester tests into the development process to reduce the time needed to test and validate all functions. This already comes in handy when testing the module on new platforms and OPnsense releases. I have PowerShell with PS_OPNsense running in Ubuntu 18.04 beta. The module is indeed working in PowerShell Core 6.0.1 for Linux

So lots of progress and lots of new ideas for additions and improvements to come... Last but not least, any feedback and testing is encouraged.

14

18.1 Legacy Series / Re: API Information

« on: January 22, 2018, 07:15:23 pm »

The information is all on the WebGUI, so form what I understand it should be accessible via the API?

How are the URLs for the API built? Is that the wrong way to go on OPNsense?

From my experience you can look at the URI in the WebGUI and you'll notice that it either starts with /ui/modulename/... or it ends in *.php. The former is code using the new MVC model and it has APIs behind it. The latter (.php) pages are legacy code and do not have an API yet.

When there is an API behind the page it follows the syntax /api/<module>/<controller>/<command> and usually returns a json object. And indeed you can do pretty much the same as with the GUI. A comprehensive list can be found here.

The only thing, like franco mentioned, is that not all parts have been converted to this model, but with every release more and more functions are reworked using the MVC model.

15

Development and Code Review / Re: PowerShell Module for OPNsense api

« on: January 20, 2018, 01:53:21 pm »

Quagga and FRR do have the same API. I have not changed it (API endpoints are the same as well as the data stored). So currently an API client for FRR is also an API client for quagga.

Theat's great news . There was quite an increase in the Action() functions when I did a git grep on the new code. I didn't realize net/frr and net/quagga actually shared the same api calls... so yeah, it shouldn't make much difference in the end. Thanks for this clarification!

Another frequently used plugin is HAProxy (often used in combination with the Let's Encrypt plugin). This one might be complicated but from what I read here it feels like to be the most used plugin.

Alright I'll start working on cmdlets for the HAProxy functionality and see how it goes.